Establishing Digital Trust: Don't Sacrifice Security for Convenience
A recent survey of 125 U.S. retailers found that 37 percent of respondents admitted they have no way of identifying which systems their temporary workers may have accessed.
The survey, conducted in November 2015 by Osterman Research and sponsored by Bay Dynamics, also found that more than a quarter of respondents have no idea if their temporary employees have ever accessed and/or sent any data they shouldn't have accessed or sent.
The report notes that retailers are expected to increase their hiring by 755,000 temporary workers during the final three months of the year, according to Challenger, Gray & Christmas.
And even though 62 percent of respondents said they know everything their permanent employees are doing on their corporate systems and 50 percent can say the same of their temporary employees, 61 percent said temporary retail floor workers do not have unique login credentials for corporate systems. Twenty-one percent said the same is true of permanent floor workers.
"When employees use shared accounts, retailers do not have visibility into what each individual is doing when they access corporate systems and data assets," the report notes.
Over a third of respondents view temporary workers as a high risk to their organization, and 47 percent view them as somewhat risky.
In spite of those findings, on a scale of 1 to 7 with 7 being the most proactive, over 80 percent of retailers gave themselves a 6 or higher on identifying critical assets that must be protected, detecting theft or data leakage, and controlling employee access to critical assets.
And while over 70 percent of respondents believe their organizations are proactive in providing security awareness training to employees, about 80 percent of those surveyed provide security training only once or twice per year.
"Retail organizations, especially during the holiday season, continue to promote a culture that focuses on keeping the lights on," Osterman Research principal analyst Michael Osterman said in a statement. "Security is overlooked, and that needs to change."
"Criminals will do whatever it takes to get inside, whether that’s landing a job as a temporary employee during the holiday season or exploiting an employee from afar," Osterman added. "To thwart their efforts, retailers need full visibility into what employees are doing on their network or otherwise risk getting breached."
Last winter, a survey by Avecto and Curve IT found that 72 percent of temporary workers have received admin privileges on their employers' IT systems, and only half had been informed of any application or data restrictions when they were brought into the company.
A recent eSecurity Planet article examined the importance of providing employees with security training.